Windows Server 2008 : Manipulating Active Directory with Visual Basic Scripts (part 2) - Modifying the Tombstone Lifetime

9/30/2013 3:34:32 AM

You can use the following script to set the tombstone lifetime. This script sets the tombstone lifetime to 365, but you can change the number 365 in the script to any number desired.

Note

The tombstone lifetime identifies the maximum age of a deleted object before it is permanently deleted. Tombstoned objects can be authoritatively restored. However, once the tombstone lifetime expires, they can no longer be restored.

set objdom = getobject("LDAP://rootdse")
set objds = getobject("LDAP://cn=directory service,cn=windows nt,"
 & "cn=Services," & objdom.get("configurationnamingcontext") )
objds.put "tombstonelifetime",365
objds.setinfo

Note

Notice that the second line spans two lines but should only be entered as a single line.

The following table explains each of these lines.

Creating an OU	Comments
set objdom = getobject("LDAP:// rootdse")	This line sets the context to the domain used by the computer using the rootdse shortcut. You can use this instead of naming the domain. The benefit is that the script is portable to any domain. Note LDAP must be all uppercase.
set objds = getobject("LDAP:// cn=directory service,cn=windows nt," & "cn=Services," & objdom.get ("configurationnamingcontext") )	This command uses the getobject method to connect to the directory services container. Figure 1 shows the directory services container in the adsiedit tool.
`objds.put "tombstonelifetime",365`	You can assign values to properties with the put method. This line sets the value of the tombstone lifetime property to 365. Figure 1 shows the current value as 180.
`objou.setinfo`	The setinfo method makes the change.

Figure 1. ADSI Edit tool

You can use the following steps to view the ADSI Edit tool on a domain controller.

Step	Comments
1.	Click Start, type ADSI Edit, and double-click ADSI Edit in the Programs list.
2.	Right-click ADSI Edit and select Connect to.
3.	In the Connection Point section, Ensure that Select a Well Known Naming Context is selected. Select Configuration from the drop down menu. Click OK.
4.	Select Configuration and expand it by clicking the plus (+).
5.	Select CN=Configuration and expand it.
6.	Select CN=Services and expand it.
7.	Select CN=Windows NT and expand it.
8.	Select CN=Directory Service. Right-click CN=Directory Service and select Properties.
9.	Scroll down to Tombstone Lifetime to view the value. Note You can double-click it to set the value from here.

Others

- Windows Server 2008 : Manipulating Active Directory with Visual Basic Scripts (part 1)

- InfoPath with SharePoint 2010 : Enhancing the User Experience - Use Pictures as Choices

- InfoPath with SharePoint 2010 : Enhancing the User Experience - Create a Tabbed Navigation in Your Form

- InfoPath with SharePoint 2010 : Enhancing the User Experience - Make Screen Tips Informative for Validation, Notify the User of Successful Submission

- InfoPath with SharePoint 2010 : Enhancing the User Experience - Configure Dynamic Sections

- InfoPath with SharePoint 2010 : Enhancing the User Experience - Display a Read-Only Value

- Windows 7 : Using a Windows Network - Sharing Resources (part 2) - Sharing Folders Independently

- Windows 7 : Using a Windows Network - Sharing Resources (part 1) - Sharing with a Homegroup

- Windows 7 : Using a Windows Network - Network Power User Topics (part 2) - Mapping Drive Letters

- Windows 7 : Using a Windows Network - Network Power User Topics (part 1) - Understanding the UNC Naming Convention